[Pkg-tcltk-devel] Bug#505363: tk8.4: CVE-2008-0533 buffer overrun flaw

Michael Gilbert michael.s.gilbert at gmail.com
Tue Nov 11 21:18:19 UTC 2008

Package: tk8.4
Version: 8.4.19-2
Severity: important

ubuntu has just released "fixes" for a buffer overrun flaw in tk [1].
they describe the problem as:

 It was discovered that Tk could be made to overrun a buffer when loading
 certain images. If a user were tricked into opening a specially crafted
 GIF image, remote attackers could cause a denial of service or execute
 arbitrary code with user privileges.

i am setting the severity important (rather than grave) since the
debian security tracker [2] already says that the problem is
"not-for-us," so it may not affect debian at all.  maybe ubuntu has
once again overreacted by "fixing" a problem that isn't really a

[1] http://www.ubuntu.com/usn/USN-664-1
[2] http://security-tracker.debian.net/tracker/CVE-2008-0533

More information about the Pkg-tcltk-devel mailing list